Duplicate installed packages from one machine to the other (RPM-based systems)

Code:

ssh root@remote.host "rpm -qa" | xargs yum -y install

Find SUID & SGID files

Code:

# find / \( -perm -4000 -o -perm -2000 \) -print
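One way to turn the find above into a drift check, as an added example that is not part of the original article: record the SUID/SGID files once, then report any that appear later. The function names and the baseline path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (constructed); function names and baseline path are hypothetical.

# List regular files under ROOT with the SUID (4000) or SGID (2000) bit set.
# -xdev stays on one filesystem; LC_ALL=C gives comm a stable sort order.
# The comparison is line-based, so it assumes no newlines in file names.
suid_scan() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Print files that are SUID/SGID now but are absent from BASELINE
# (a file written earlier by suid_scan). Empty output means no drift.
suid_new() {
    baseline=$1 root=$2
    suid_scan "$root" | LC_ALL=C comm -13 "$baseline" -
}

# Usage:
#   suid_scan / > /var/lib/suid.baseline     # once, on a known-good system
#   suid_new /var/lib/suid.baseline /        # later, e.g. from cron
```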

Find open ports

Code:

# netstat --listen

To display open ports and established TCP connections

Code:

# netstat -vatn

To display only open UDP ports try the following command

Code:

# netstat -vaun

# netstat -tulpn

If you want to see the FQDN (full DNS hostname), try removing the -n flag

Code:

$ netstat -vat

To display all open IPv4 network files in use by the process whose PID is 9255

Code:

# lsof -i 4 -a -p 9255

Lsof command examples

Code:

lsof -i :portNumber

lsof -itcp:portNumber

lsof -iudp:portNumber

lsof -i :80

lsof -i :80 | grep LISTEN

Sample outputs:

Code:

apache2 1607 root 3u IPv4 6472 0t0 TCP *:www (LISTEN)

apache2 1616 www-data 3u IPv4 6472 0t0 TCP *:www (LISTEN)

apache2 1617 www-data 3u IPv4 6472 0t0 TCP *:www (LISTEN)

apache2 1618 www-data 3u IPv4 6472 0t0 TCP *:www (LISTEN)

apache2 1619 www-data 3u IPv4 6472 0t0 TCP *:www (LISTEN)

apache2 1620 www-data 3u IPv4 6472 0t0 TCP *:www (LISTEN)

Find out the PID of the process that opened TCP port 22

Code:

# fuser 22/tcp

Comparison of CPU utilization

The sar command writes to standard output the contents of selected cumulative activity counters in the operating system, sampled according to the count and interval parameters. For example, to display the comparison of CPU utilization, 2 seconds apart and 5 times, use:

Code:

# sar -u 2 5

Output

Code:

Linux 2.6.18-53.el5 (slv0451i) 01/25/2011

09:55:02 AM CPU %user %nice %system %iowait %steal %idle

09:55:04 AM all 16.75 0.00 83.25 0.00 0.00 0.00

09:55:06 AM all 20.45 0.00 79.55 0.00 0.00 0.00

09:55:08 AM all 24.31 0.00 75.69 0.00 0.00 0.00

09:55:10 AM all 19.95 0.00 80.05 0.00 0.00 0.00

09:55:12 AM all 21.00 0.00 79.00 0.00 0.00 0.00

Average: all 20.49 0.00 79.51 0.00 0.00 0.00

Where

-u 12 5: Report CPU utilization. The following values are displayed:

o %user: Percentage of CPU utilization that occurred while executing at the user level (application).

o %nice: Percentage of CPU utilization that occurred while executing at the user level with nice priority.

o %system: Percentage of CPU utilization that occurred while executing at the system level (kernel).

o %iowait: Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.

o %idle: Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.

To get multiple samples and multiple reports, set an output file for the sar command. Run the sar command as a background process using the following code:

Code:

# sar -o output.file 12 8 >/dev/null 2>&1 &

You should also use the nohup command so that you can log out and check the report later on:

Code:

# nohup sar -o output.file 12 8 >/dev/null 2>&1 &

All the data is captured in binary form and saved to a file (data.file). The data can then be selectively displayed by using the sar command with the -f option.

-nP flags are optional and UDP is irrelevant for established connections

Similar but using the process id

Code:

$ lsof -nP -p PID | egrep -o '(TCP|UDP).*$'

Detect your computer’s hard disk read speed without disk cache speed

Code:

$ cat /dev/sda | pv -r > /dev/null

Check the reserved block percentage of an Ext2/3 filesystem

You are probably aware that some percent of disk space on an ext2/ext3 file system is reserved for root (typically 5%). As documented elsewhere, this can be reduced to 1% with the following:

Code:

# dumpe2fs -h /dev/sdX

# tune2fs -m 1 /dev/sdX    # where X = drive/partition, like /dev/sda1

# dumpe2fs -h /dev/sdX

Rsync directory tree including only files that match a certain find result

'-mtime -10' syncs only files newer than 10 days (-mtime is just one example; use whatever find expressions you need).

printf %P: File’s name with the name of the command line argument under which it was found removed.

This way, you can use any src directory; no need to cd into your src directory first.

Using \\0 in printf and a corresponding --from0 in rsync ensures that even filenames with newline characters work (thanks syssyphus for #3808).

Both #1481 and #3808 only work if you copy either the current directory (.) or the filesystem root (/); otherwise, the output from find and the source dir from rsync don’t match. #7685 works with an arbitrary source directory.
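The pipeline described above, written out as an added example; it is not the original command from the article. It assumes GNU find and rsync, the function and directory names are hypothetical, and the format string is single-quoted, so one backslash is enough.

```shell
#!/bin/sh
# Added example (constructed); function and directory names are hypothetical.

# Print, NUL-terminated, the paths of regular files under SRC modified
# within the last DAYS days, relative to SRC. GNU find's %P strips the
# starting-point prefix, so there is no need to cd into SRC first.
list_recent() {
    src=$1 days=$2
    find "$src" -type f -mtime "-$days" -printf '%P\0'
}

# Copy only those files from SRC to DST, keeping the directory layout.
# --files-from=- reads the list from stdin; --from0 makes rsync split it
# on NUL instead of newline, so names containing newlines stay intact.
sync_recent() {
    src=$1 dst=$2 days=$3
    list_recent "$src" "$days" |
        rsync -a --files-from=- --from0 "$src/" "$dst/"
}

# Usage: sync_recent /src/dir /dst/dir 10
```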

Adrian Birsan is a freelance web developer and pentester. Says he: "Technology has always been something which captivates me; I like computer security and software development. I am a pentester on my free time and also own a blog where I post useful information. I am a big supporter of Freedom of Speech and ... I play the guitar \m/ " His blog can be found at http://softpill.eu/

3 responses to “Allow Me To Save You Some Time: Some Useful Shortcuts”

Hi, you should really pay special attention to formatting and use syntaxhighlighter. You should also group commands together, so you’re not describing find command at the beginning and at the end of the article.
